View Issue Details

IDProjectCategoryView StatusLast Update
0002096libextractorpluginspublic2012-01-26 20:37
ReporterChristian GrothoffAssigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status newResolutionopen 
Product Versioncurrent SVN 
Target VersionFixed in Version 
Summary0002096: extract user name from file protection records in MS office formats
DescriptionSection 4.19 says something about a user name for write access in Excel documents (see attached file). This would be something useful to extract (as well as the rest of the access permission information).
TagsNo tags attached.

Activities

Christian Grothoff

2012-01-21 17:57

manager  

excelfileformat.pdf (1,196,627 bytes)

Christian Grothoff

2012-01-21 18:28

manager   ~0005331

http://msdn.microsoft.com/en-us/library/cc313118.aspx

Christian Grothoff

2012-01-21 19:34

manager   ~0005332

Last edited: 2012-01-21 19:39

View 3 revisions

Also of interest are the 2.3.3.2 OLE Property sets (in [MS-OSHARED].pdf in the zip file from the page linked above). We might be getting some of those already, couldn't hurt to double-check though. The following subsections (up to 2.3.3.2.3.2) are also interesting.

2.3.3.1.1 PropertySetSystemIdentifier might also give a bit of information (OS).

Christian Grothoff

2012-01-21 19:42

manager   ~0005333

Last edited: 2012-01-21 19:45

View 2 revisions

I wonder if the applicationCIsid in the DocumentSummaryInfoStream (page 146 in the above-mentioned document) is really always all-zeros, or if there is a unique identifier for the Office installation in there. We should check...

This page
http://support.microsoft.com/kb/240794
would seem to give a way to find the CISID of locally installed apps. Given that bit pattern, we could then just check if a file created on the system contains the pattern at all (this might depend on the specific Office version, maybe only older versions used this?).

Issue History

Date Modified Username Field Change
2012-01-21 17:57 Christian Grothoff New Issue
2012-01-21 17:57 Christian Grothoff File Added: excelfileformat.pdf
2012-01-21 18:28 Christian Grothoff Note Added: 0005331
2012-01-21 19:34 Christian Grothoff Note Added: 0005332
2012-01-21 19:37 Christian Grothoff Note Edited: 0005332 View Revisions
2012-01-21 19:39 Christian Grothoff Note Edited: 0005332 View Revisions
2012-01-21 19:42 Christian Grothoff Note Added: 0005333
2012-01-21 19:45 Christian Grothoff Note Edited: 0005333 View Revisions
2012-01-26 20:37 Christian Grothoff Severity block => feature